Security: cafpaiva/securepolicy-platform

SECURITY.md

Security Policy

Supported versions

This is a portfolio and learning project. Security fixes are applied to the active develop and main branches.

Reporting a vulnerability

Open a private advisory or contact the repository owner directly. Do not disclose sensitive findings in public issues.

Security practices

  • CodeQL is enabled through GitHub Actions.
  • Dependabot monitors Maven, npm and GitHub Actions dependencies.
  • Pull requests should include tests for security-sensitive behavior.
  • Secrets must never be committed to the repository.

There aren't any published security advisories